如何在 HTTP 标头中设置 REMOTE_USER？

Question

I've got an issue with my Apache settings.

I installed a web application that partly accepts external authentication:

• I use Apache to manage the access to my application web pages.
• If the authentication is successful, the environment variable REMOTE_USER is set with the user's name.
• Then the user name is passed to my application through the HTTP header so the application opens on the user session.
• This is mostly an Apache configuration for the application. I only set the name of the variable (HTTP header) that contains the username in my application config file.

Here is the issue : I can authenticate successfully (most of the time) but my HTTP header is set to null.

Some additional details :

• I use Apache and the mod_perl modules (AuthenNIS + AuthzNIS + Net-NIS) to authenticate to my app with NIS account.

• With the following Apache config file I have the authentication form when I try to access my application but the REMOTE_USER header is set to null.

   Listen 2208 <VirtualHost *:2208> RewriteEngine on DocumentRoot "/path/to/static" <Directory "/path/to/static"> Options +Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny Allow from all AuthType Basic AuthName "Authentifiez vous" PerlAuthenHandler Apache2::AuthenNIS PerlAuthzHandler Apache2::AuthzNIS PerlSetVar AllowAlternateAuth no require valid-user </Directory> RewriteEngine on RewriteRule . - [E=RU:%{LA-U:REMOTE_USER}] RequestHeader set REMOTE_USER %{RU}e RewriteRule ^/apps$ /apps/ [R] RewriteRule ^/static/style/(.*) /path/to/static/june_2007_style/blue/$1 [L] RewriteRule ^/static/scripts/(.*) /path/to/static/scripts/packed/$1 [L] RewriteRule ^/static/(.*) /path/to/static/$1 [L] RewriteRule ^/favicon.ico /path/to/static/favicon.ico [L] RewriteRule ^/robots.txt /path/to/static/robots.txt [L] RewriteRule ^(.*) http://localhost:2209$1 [P] </VirtualHost>

If I set RequestHeader set REMOTE_USER "username" the application opens on the corresponding user session.

To see the value of REMOTE_USER I use the Firebug Firefox module to display the values of the http header + my application has a script that displays the value of variables passed to it.

I tested an almost identical Apache configuration on an index.php page that displays the values of server variables in a http request. The difference lies in the RewriteRules.

        <?PHP
                    foreach($_SERVER as $key_name => $key_value) {
                    print $key_name . " = " . $key_value . "<br>";

                    }
        ?>

In this case, I get a REMOTE_USER et HTTP_REMOTE_USER with a username value.

I don't understand where my problem lies.

Apache 2.2.31 RedHat 6.5

Thanks in advance !

Answer 1

do NOT use the following, because you will get into trouble with execution phases if the REMOTE_USER is set with a module like mod_authn_ntlm (ntlm with local computer, see https://support.microsoft.com/en-us/kb/896861 ).

RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set X-Remote-User %{RU}e

instead use the following methods:

RequestHeader set X-Remote-User expr=%{REMOTE_USER}

there is also a solution with mod_ssl

RequestHeader set X-Remote-User %{REMOTE_USER}s

Answer 2

In Apache 2.2 server we gave below configuration. We have C# ASP.NET Core 2.1 application and in our HTTP Request header we get user name like below

   <LocationMatch ^/mylocation>
     AuthName "NTLM Authentication"
     NTLMAuth on
     NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
     NTLMBasicAuthoritative on
     NTLMBasicRealm xxx_yy
     AuthType NTLM
     require valid-user
     RewriteCond %{LA-U:REMOTE_USER} (.+)
     RewriteRule . - [E=RU:%1]
     RequestHeader set X-Remote-User %{RU}e

   </LocationMatch>

In our C# ASP.NET Core 2.1 application application we get below in HTTP Request Header

Key: X-Remote-User, Value=xxx_yy\abcdefg